formula_audit: Check the license(s) of the specific release

- Some repositories occasionally change their licenses. For example they
  release a version of the software with one license and then decide to change
  the license later.
- Now that `?ref=` is a parameter to the GitHub Repositories License API,
  we can use that in the license audit to check if the license of the specific
  release matches the one declared in the formula.

Library/Homebrew/formula_auditor.rb

@@ -255,7 +255,8 @@ module Homebrew
         user, repo = get_repo_data(%r{https?://github\.com/([^/]+)/([^/]+)/?.*})
         return if user.blank?
 
-        github_license = GitHub.get_repo_license(user, repo)
+        tag = SharedAudits.github_tag_from_url(formula.stable.url)
+        github_license = GitHub.get_repo_license(user, repo, ref: tag)
         return unless github_license
         return if (licenses + ["NOASSERTION"]).include?(github_license)
         return if PERMITTED_LICENSE_MISMATCHES[github_license]&.any? { |license| licenses.include? license }

Library/Homebrew/utils/github.rb

@@ -497,8 +497,10 @@ module GitHub
     end
   end
 
-  def self.get_repo_license(user, repo)
+  def self.get_repo_license(user, repo, ref: nil)
-    response = API.open_rest("#{API_URL}/repos/#{user}/#{repo}/license")
+    url = "#{API_URL}/repos/#{user}/#{repo}/license"
+    url += "?ref=#{ref}" if ref.present?
+    response = API.open_rest(url)
     return unless response.key?("license")
 
     response["license"]["spdx_id"]